vga: stop passing pointers to vga_draw_line* functions
Instead pass around the address (aka offset into vga memory). Add vga_read_* helper functions which apply vbe_size_mask to the address, to make sure the address stays within the valid range, similar to the cirrus blitter fixes (commits ffaf857 and 026aeff).

Impact: DoS for privileged guest users. qemu crashes with a segfault, when hitting the guard page after vga memory allocation, while reading vga memory for display updates.

Fixes: CVE-2017-13672
Cc: P J P <firstname.lastname@example.org>
Reported-by: David Buchanan <email@example.com>
Signed-off-by: Gerd Hoffmann <firstname.lastname@example.org>
Message-id: email@example.com
Showing with 114 additions and 94 deletions.
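
The masking approach the commit message describes, as an added illustration that is not QEMU's code and not part of the commit: the `ToyVga` struct and every `toy_*` function are hypothetical, and only the field name `vbe_size_mask` is taken from the message. It assumes the video memory size is a power of two, so that size minus one works as a mask.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical device state; only the name vbe_size_mask comes from the page. */
typedef struct {
    uint8_t *vram;           /* backing store, size must be a power of two */
    uint32_t vbe_size_mask;  /* size - 1 */
} ToyVga;

static int toy_vga_init(ToyVga *s, uint32_t size)
{
    if (size == 0 || (size & (size - 1)) != 0) return -1; /* mask needs 2^n */
    s->vram = calloc(1, size);
    if (!s->vram) return -1;
    s->vbe_size_mask = size - 1;
    return 0;
}

/* Every read masks the offset, so it cannot leave the allocation. */
static uint8_t toy_read_byte(const ToyVga *s, uint32_t addr)
{
    return s->vram[addr & s->vbe_size_mask];
}

/* Align down as well as mask, so a 4-byte read cannot straddle the end. */
static uint32_t toy_read_dword_le(const ToyVga *s, uint32_t addr)
{
    const uint8_t *p = s->vram + (addr & s->vbe_size_mask & ~3u);
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* The renderer gets an offset, not a pointer: each fetch is range-limited. */
static void toy_draw_line8(const ToyVga *s, uint8_t *dst, uint32_t addr, int width)
{
    for (int x = 0; x < width; x++)
        dst[x] = toy_read_byte(s, addr + (uint32_t)x);
}

int main(void)
{
    ToyVga s; uint8_t line[16];
    if (toy_vga_init(&s, 4096) != 0) return 1;
    s.vram[0] = 0xAA; s.vram[4095] = 0x55;    /* constructed sample data */
    /* Start 8 bytes before the end: the scan wraps to offset 0 instead of
     * running past the buffer into whatever follows the allocation. */
    toy_draw_line8(&s, line, 4096 - 8, 16);
    int ok = line[7] == 0x55 && line[8] == 0xAA && toy_read_dword_le(&s, 4099) == 0xAA;
    free(s.vram);
    return ok ? 0 : 1;
}
```

With a raw pointer handed to the line renderer, the same start offset would read 8 bytes past the end of the buffer; with per-read masking the worst outcome is wrapped pixel data.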